If you read the article on HBH it says that it is 12 characters in length and of the form wordNUMword. Has anyone done this? The fastest bruteforce was said to be under and hour. Unfortunately there are too many false positives.

Well, I'm not that interested in the password. I'd like to know how you solved it. I can't brute force this forever.

What do you mean by 'curl magic'? Isn't curl a library for connecting to websites and things like that? Brute forcing the website would take too much time. Just a reminder: we know the checksum calculating algorithm and the checksum. We're supposed to find the password, but there are too many valid strings.

Let's say my wordlist is 'list'. Will I arrive at the string with this logic:
for x in 'list':
 for y in 'all numbers in list':
  for z in 'list':
    if len(x+y+z) == 12, check if the checksum == <required>